Technology and Privacy: Evolving Legal Issues

Technology and Privacy: Evolving Legal Issues

Technology is changing the nature of privacy. We are increasingly asked to allow access to personal information in exchange for a service, for increased convenience, or simply in exchange something that is cutting edge or seems cool. Many are willing to make this exchange, but are we really aware of the ramifications of this decision?

Content Scanning

Google released Gmail in 2004 as a “free” email service, but they were not being altruistic. In exchange for providing a free, convenient, and easily accessible e-mail service, Gmail scans (i.e., reads) your incoming and outgoing e-mail to allow them to better target advertising. So, if you e-mail a friend about an upcoming vacation to New York and e-mail another friend mentioning your love of opera, you may be more likely to see advertisements for New York’s Metropolitan Opera as you browse the web. Google is using the information in your e-mail messages to profile you, and that profile is one of the many things that may determine what advertisements you see online. In general, most people don’t seem to have a problem with this. In February 2016, Gmail passed one billion users and is by far the most popular e-mail platform (Khan, 2015)(Wikipedia , 2016).

This is not to say that issues haven’t arisen; Google has faced class action lawsuits over content scanning. According to ARS Technica (Mullin, 2016), “The issue is a lingering headache for the search giant, which has faced allegations for years now that scanning Gmail in order to create personalized ads violates US wiretapping laws.”

Content scanning, and the issues it raises, are not limited to email. In 2014, four UC Berkley students and alumni filed a lawsuit over Google’s Apps for Education suite, over how K-12 students web activities were tracked. The issue here was not e-mail tracking, which Google had disabled for students, but rather tracking in “non-care services,” such as Blogger, Photos, Maps and YouTube or when students were using Chromebook computers. Apparently if students were logged into their Google accounts while visiting these sites Google was tracking them (Kamenetz, 2015). Society tends to see children and teens as a more vulnerable population and thus have increased privacy expectations for them, hence the lawsuit.

Google is not alone in encountering issues over content scanning. Facebook scans messages as well. In 2016 they became involved in a class action lawsuit over scanning and logging URLs in Facebook messages. Facebook claims that this information is anonymized and cannot be linked to specific message senders or recipients, a fact the plaintiffs have disputed. They maintain this data is searchable, which is a violation of Electronic Communications Privacy Act and California Invasion of Privacy Act (Brandom, 2016).

What expectation of privacy do users of Google and Facebook’s services have? Google maintains that some scanning activities are inherently part of operating an e-mail service – anti-virus scans, for example. Scanning also allows Google to offer their Priority Inbox feature, which sorts e-mail by importance to the recipient. Beyond this, however, Google realizes a business advantage from using data in your e-mails in their core advertising business.

It’s also important to consider the rights of non-Gmail users, such as someone who sends e-mail from their Yahoo! account to a Gmail address. Google has said that these people have no expectation of privacy, because they are turning their information over to a third party – Google. This is known as the “third-party” doctrine, and it’s a controversial notion.

Facial Recognition

While there seems to be a de facto acceptance of content scanning, other technologies appear to be viewed as more intrusive. One such technology is facial recognition. In 2011, Facebook users in the United States began noticing that Facebook was recognizing people in images and suggesting tags for them, basically saying, “This looks like Uncle Jim. If it is, click and we will tag him.” If you agreed to tag the image, Facebook noted this and got a little better at recognizing Uncle Jim.

As of late 2016, Facebook has 1.79 billion users (Statista, 2017), many of whom upload images, giving Facebook “the largest single collection of images that human beings have ever had access to” and a technology for recognizing people in those images that is 97% accurate (Brandom, 2015). This means that Facebook is amassing a huge database matching faces to names. Names, of course, lead to other information – credit scores, employment histories, criminal records, and more. Further, unlike other identifying information like e-mail address, faces cannot be easily changed. All of this has privacy advocates concerned.

Facial recognition has run afoul of the Biometric Information Privacy Act, an Illinois law that restricts use of biometric identifiers – “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry” (Illinois General Assembly, 2008). Facebook now faces a class action lawsuit over violations of this law, filed in 2015. In May 2016, a judge in Northern California District Court ruled against a motion by Facebook to dismiss, and as of April 2018 the case it proceeding, with Facebook arguing that no user has suffered harm and that they are not bound by Illinois law; in addition, both parties are contesting a variety of issues regarding the specific facial recognition technologies used (Strickland, 2016), terminology, whether the Illinois law pertains to photographs, and storage of biometric data. As a global company, Facebook is clearly concerned by the effect of one state’s laws on their entire business.

Similar lawsuits have been filed against Shutterfly, Snapchat, and Google (the Shutterfly lawsuit was settled and Snapchat was sent to arbitration).

Increasing Discomfort?

We continue to use these services, but user surveys do indicate increasing concern over online privacy, with Pew Research (Raine, 2016) finding younger adults generally “more focused than their elders when it comes to online privacy.” Pew also found that “fully 91% of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.”

Laws will need to evolve with technology, and the Pew survey finds support for this: “A majority of the U.S. public believes changes in law could make a difference in protecting privacy – especially when it comes to policies on retention of their data.” Facebook’s facial recognition lawsuit is worth watching in this regard, and because it is indicative of how state privacy laws are applied to a global company. Lawsuits regarding content scanning and facial recognition are also barometers regarding our evolving legal expectation of privacy in an increasingly digital and connected world, as we weigh increasing inconvenience against decreasing privacy.

Raine, L. (2016, September 21). The state of privacy in post-Snowden America. Retrieved from Facttank: The News in Numbers: http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/

Vedantam, S. (2016, August 23). Do You Read Terms Of Service Contracts? Not Many Do, Research Shows. Retrieved from npr.org: http://www.npr.org/2016/08/23/491024846/do-you-read-terms-of-service-contracts-not-many-do-research-shows